

<!DOCTYPE html>
<html lang="zh-CN" data-default-color-scheme=dark>



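<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, shrink-to-fit=no">
  <meta http-equiv="x-ua-compatible" content="ie=edge">
  <title>Asteri5m</title>

  <link rel="apple-touch-icon" sizes="76x76" href="/img/newtubiao.png">
  <link rel="icon" href="/img/newtubiao.png">

  <meta name="theme-color" content="#2f4154">
  <meta name="description" content="">
  <meta name="author" content="Asteri5m">
  <meta name="keywords" content="">
  <meta property="og:type" content="website">
  <meta property="og:title" content="Asteri5m">
  <meta property="og:url" content="http://asteri5m.icu/index.html">
  <meta property="og:site_name" content="Asteri5m">
  <meta property="og:locale" content="zh_CN">
  <meta property="article:author" content="Asteri5m">
  <meta name="twitter:card" content="summary_large_image">
  <meta name="baidu-site-verification" content="code-GBSY8p4qe6">

  <!--
    Third-party stylesheets are requested over explicit https rather than
    protocol-relative URLs, so they are never fetched in clear text when the
    page itself is served over http.
    The bootstrap URL uses a floating major-version tag (@4); a Subresource
    Integrity hash cannot be attached until an exact version is pinned.
  -->
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4/dist/css/bootstrap.min.css">

  <!-- Icon fonts required by the theme; do not modify -->
  <link rel="stylesheet" href="https://at.alicdn.com/t/font_1749284_ba1fz6golrf.css">
  <link rel="stylesheet" href="https://at.alicdn.com/t/font_1736178_kmeydafke9r.css">

  <link rel="stylesheet" href="/css/main.css">

  <!-- Custom styles stay at the very bottom -->
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/aplayer@1.10.0/dist/APlayer.min.css">
  <link rel="stylesheet" href="/xm_custom/custom.css">

  <!--
    Theme runtime configuration, delivered to every visitor as part of the page.
    The web_analytics.leancloud app_id / app_key below are therefore public values.
    NOTE(review): confirm the LeanCloud application restricts what this key may
    read and write (class permissions, allowed web domains).
  -->
  <script id="fluid-configs">
    var Fluid = window.Fluid || {};
    var CONFIG = {"hostname":"asteri5m.icu","root":"/","version":"1.8.12","typing":{"enable":true,"typeSpeed":120,"cursorChar":"_","loop":true},"anchorjs":{"enable":true,"element":"h1,h2,h3,h4,h5,h6","placement":"right","visible":"hover","icon":""},"progressbar":{"enable":true,"height_px":3,"color":"#29d","options":{"showSpinner":false,"trickleSpeed":100}},"copy_btn":true,"image_zoom":{"enable":true,"img_url_replace":["",""]},"toc":{"enable":true,"headingSelector":"h1,h2,h3,h4,h5,h6","collapseDepth":3},"lazyload":{"enable":true,"loading_img":"/img/loading.gif","onlypost":false,"offset_factor":2},"web_analytics":{"enable":true,"baidu":null,"google":null,"gtag":null,"tencent":{"sid":null,"cid":null},"woyaola":null,"cnzz":null,"leancloud":{"app_id":"5INqyf5xMrWdsn0whn39qjsu-gzGzoHsz","app_key":"6UTAOxyJnjvDwHX3PJagKMg9","server_url":"https://5inqyf5x.lc-cn-n1-shared.com","path":"window.location.pathname"}},"search_path":"/local-search.xml"};
  </script>
  <script src="/js/utils.js"></script>
  <script src="/js/color-schema.js"></script>
  <meta name="generator" content="Hexo 5.4.0">
</head>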


<body>
  <header style="height: 105vh;">
    <!-- Primary navigation: brand link, collapsible page links, search trigger and colour-scheme toggle. -->
    <nav id="navbar" class="navbar fixed-top  navbar-expand-lg navbar-dark scrolling-navbar">
      <div class="container">
        <a class="navbar-brand" href="/"><strong>Asteri5m</strong></a>

        <!-- Toggle for the collapsed menu; its target is #navbarSupportedContent -->
        <button id="navbar-toggler-btn" class="navbar-toggler" type="button"
                data-toggle="collapse" data-target="#navbarSupportedContent"
                aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
          <div class="animated-icon"><span></span><span></span><span></span></div>
        </button>

        <!-- Collapsible content -->
        <div class="collapse navbar-collapse" id="navbarSupportedContent">
          <ul class="navbar-nav ml-auto text-center">
            <li class="nav-item">
              <a class="nav-link" href="/"><i class="iconfont icon-home-fill"></i> 首页</a>
            </li>
            <li class="nav-item">
              <a class="nav-link" href="/archives/"><i class="iconfont icon-archive-fill"></i> 归档</a>
            </li>
            <li class="nav-item">
              <a class="nav-link" href="/categories/"><i class="iconfont icon-category-fill"></i> 分类</a>
            </li>
            <li class="nav-item">
              <a class="nav-link" href="/tags/"><i class="iconfont icon-tags-fill"></i> 标签</a>
            </li>
            <li class="nav-item">
              <a class="nav-link" href="/about/"><i class="iconfont icon-user-fill"></i> 关于</a>
            </li>
            <li class="nav-item">
              <a class="nav-link" href="/guestbook/"><i class="iconfont icon-note"></i> 留言板</a>
            </li>

            <!-- The two entries below are in-page actions, not navigation: their href is a no-op javascript: URL. -->
            <li class="nav-item" id="search-btn">
              <a class="nav-link" target="_self" href="javascript:;" data-toggle="modal" data-target="#modalSearch" aria-label="Search">&nbsp;<i class="iconfont icon-search"></i>&nbsp;</a>
            </li>
            <li class="nav-item" id="color-toggle-btn">
              <a class="nav-link" target="_self" href="javascript:;" aria-label="Color Toggle">&nbsp;<i class="iconfont icon-dark" id="color-toggle-icon"></i>&nbsp;</a>
            </li>
          </ul>
        </div>
      </div>
    </nav>

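    <!-- Hero banner. The inline script near the end of the page passes the title attribute of #subtitle to Fluid.plugins.typing. -->
    <div class="banner" id="banner"
         style="background: url('/img/none.png') no-repeat center center; background-size: cover;">
      <div class="full-bg-img">
        <div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0)">
          <div class="page-header text-center fade-in-up">
            <span class="h2" id="subtitle" title="技术无边界，学习无止境"></span>
          </div>

          <div class="scroll-down-bar">
            <i class="iconfont icon-arrowdown"></i>
          </div>
        </div>
      </div>
    </div>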
  </header>

  <main>
    
      <div class="container nopadding-x-md">
        <div class="py-5" id="board"
          >
          
          <div class="container">
            <div class="row">
              <div class="col-12 col-md-10 m-auto">
                


  <div class="row mx-auto index-card">
    
    
      <div class="col-12 col-md-4 m-auto index-img">
        <a href="/archives/pwn%E5%85%A5%E9%97%A8%E5%88%B0%E6%94%BE%E5%BC%834-ROP%E7%BB%95%E8%BF%87%E6%A0%88%E5%8F%AF%E6%89%A7%E8%A1%8C%E4%BF%9D%E6%8A%A4%E4%B8%8EGOT%E8%A1%A8%E5%8A%AB%E6%8C%81.html" target="_self">
          <img src="https://gitee.com/Asteri5m/wd_img/raw/master/img/image-20220309151630963.png" srcset="/img/loading.gif" lazyload alt="pwn入门到放弃4-ROP绕过栈可执行保护与GOT表劫持">
        </a>
      </div>
    
    <article class="col-12 col-md-8 mx-auto index-info">
      <h1 class="index-header">
        
        <a href="/archives/pwn%E5%85%A5%E9%97%A8%E5%88%B0%E6%94%BE%E5%BC%834-ROP%E7%BB%95%E8%BF%87%E6%A0%88%E5%8F%AF%E6%89%A7%E8%A1%8C%E4%BF%9D%E6%8A%A4%E4%B8%8EGOT%E8%A1%A8%E5%8A%AB%E6%8C%81.html" target="_self">
          pwn入门到放弃4-ROP绕过栈可执行保护与GOT表劫持
        </a>
      </h1>

      <p class="index-excerpt">
        <a href="/archives/pwn%E5%85%A5%E9%97%A8%E5%88%B0%E6%94%BE%E5%BC%834-ROP%E7%BB%95%E8%BF%87%E6%A0%88%E5%8F%AF%E6%89%A7%E8%A1%8C%E4%BF%9D%E6%8A%A4%E4%B8%8EGOT%E8%A1%A8%E5%8A%AB%E6%8C%81.html" target="_self">
          
          
            
          
          0x00 前言&amp;准备工作该篇是基于前一篇的基础之上所做的研究。上一篇中，因为程序没有system所以导致需要我们构造自己的shellcode，但是前提是栈可执行，该篇研究的是在栈不可执行的情况下如何获取shell
准备工作还是上一篇差不多，先关闭操作系统的地址空间随机化（ASLR），这是针对栈溢出漏洞被操作系统广泛采用的防御措施。关闭该防御来降低学习复现的难度。需要root执行。
12# 
        </a>
      </p>

      <div class="index-btm post-metas">
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-date"></i>
            <time datetime="2022-03-09 15:38" pubdate>
              2022-03-09
            </time>
          </div>
        
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-category"></i>
            
              <a href="/categories/Pwn%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/">Pwn基础知识</a>
            
          </div>
        
        
          <div class="post-meta">
            <i class="iconfont icon-tags"></i>
            
              <a href="/tags/Pwn/">Pwn</a>
            
          </div>
        
      </div>
    </article>
  </div>

  <div class="row mx-auto index-card">
    
    
      <div class="col-12 col-md-4 m-auto index-img">
        <a href="/archives/pwn%E5%85%A5%E9%97%A8%E5%88%B0%E6%94%BE%E5%BC%833-%E6%B2%A1%E6%9C%89system%E4%B9%8B%E6%9E%84%E9%80%A0%E8%87%AA%E5%B7%B1%E7%9A%84shellcode.html" target="_self">
          <img src="https://gitee.com/Asteri5m/wd_img/raw/master/img/image-20220307164804214.png" srcset="/img/loading.gif" lazyload alt="pwn入门到放弃3-没有system之构造自己的shellcode">
        </a>
      </div>
    
    <article class="col-12 col-md-8 mx-auto index-info">
      <h1 class="index-header">
        
        <a href="/archives/pwn%E5%85%A5%E9%97%A8%E5%88%B0%E6%94%BE%E5%BC%833-%E6%B2%A1%E6%9C%89system%E4%B9%8B%E6%9E%84%E9%80%A0%E8%87%AA%E5%B7%B1%E7%9A%84shellcode.html" target="_self">
          pwn入门到放弃3-没有system之构造自己的shellcode
        </a>
      </h1>

      <p class="index-excerpt">
        <a href="/archives/pwn%E5%85%A5%E9%97%A8%E5%88%B0%E6%94%BE%E5%BC%833-%E6%B2%A1%E6%9C%89system%E4%B9%8B%E6%9E%84%E9%80%A0%E8%87%AA%E5%B7%B1%E7%9A%84shellcode.html" target="_self">
          
          
            
          
          在挖掘和利用漏洞的时候，会遇见程序中没有system函数的情况，无法执行system(&quot;/bin/sh&quot;)，此时，需要构造自己的shellcode
0x00 准备工作随手写一个作为测试使用
12345678910#include&lt;stdio.h&gt;#include&lt;string.h&gt;int main()&#123;	char buf[128];	gets(b
        </a>
      </p>

      <div class="index-btm post-metas">
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-date"></i>
            <time datetime="2022-03-07 18:34" pubdate>
              2022-03-07
            </time>
          </div>
        
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-category"></i>
            
              <a href="/categories/Pwn%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/">Pwn基础知识</a>
            
          </div>
        
        
          <div class="post-meta">
            <i class="iconfont icon-tags"></i>
            
              <a href="/tags/Pwn/">Pwn</a>
            
          </div>
        
      </div>
    </article>
  </div>

  <div class="row mx-auto index-card">
    
    
      <div class="col-12 col-md-4 m-auto index-img">
        <a href="/archives/bugku%E7%BB%83%E9%A2%98%E8%AE%B0%E5%BD%952%20timer%5B%E9%98%BF%E9%87%8Cctf%5D&amp;%E9%80%86%E5%90%91%E5%85%A5%E9%97%A8.html" target="_self">
          <img src="https://gitee.com/Asteri5m/wd_img/raw/master/img/image-20220304110300380.png" srcset="/img/loading.gif" lazyload alt="bugku练题记录2 timer[阿里ctf]&amp;逆向入门">
        </a>
      </div>
    
    <article class="col-12 col-md-8 mx-auto index-info">
      <h1 class="index-header">
        
        <a href="/archives/bugku%E7%BB%83%E9%A2%98%E8%AE%B0%E5%BD%952%20timer%5B%E9%98%BF%E9%87%8Cctf%5D&amp;%E9%80%86%E5%90%91%E5%85%A5%E9%97%A8.html" target="_self">
          bugku练题记录2 timer[阿里ctf]&amp;逆向入门
        </a>
      </h1>

      <p class="index-excerpt">
        <a href="/archives/bugku%E7%BB%83%E9%A2%98%E8%AE%B0%E5%BD%952%20timer%5B%E9%98%BF%E9%87%8Cctf%5D&amp;%E9%80%86%E5%90%91%E5%85%A5%E9%97%A8.html" target="_self">
          
          
            
          
          0x10 timer[阿里ctf]一道安卓题，接触不多，使用jdk-gui打开找到main函数

这里的关键是时间差，而且可以看到是二十万秒后，换算一下两天多，不想做就慢慢挂起也行啊。

然后就是时间到了之后使用方法native String stringFromJNI2(int i)计算得到flag的值，但是这里native方法是安卓一种消息机制，短时间内不能找到该函数，而且还有一个重要参数K的
        </a>
      </p>

      <div class="index-btm post-metas">
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-date"></i>
            <time datetime="2022-03-04 11:44" pubdate>
              2022-03-04
            </time>
          </div>
        
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-category"></i>
            
              <a href="/categories/%E7%BB%83%E9%A2%98-%E5%AD%A6%E4%B9%A0%E8%AE%B0%E5%BD%95/">练题&amp;学习记录</a>
            
          </div>
        
        
          <div class="post-meta">
            <i class="iconfont icon-tags"></i>
            
              <a href="/tags/Reverse/">Reverse</a>
            
          </div>
        
      </div>
    </article>
  </div>

  <div class="row mx-auto index-card">
    
    
      <div class="col-12 col-md-4 m-auto index-img">
        <a href="/archives/PWN%E5%85%A5%E9%97%A8%E5%88%B0%E6%94%BE%E5%BC%832-%E6%A0%BC%E5%BC%8F%E5%8C%96%E5%AD%97%E7%AC%A6%E4%B8%B2%E6%BC%8F%E6%B4%9E.html" target="_self">
          <img src="https://gitee.com/Asteri5m/wd_img/raw/master/img/image-20220228194749851.png" srcset="/img/loading.gif" lazyload alt="PWN入门到放弃2-格式化字符串漏洞">
        </a>
      </div>
    
    <article class="col-12 col-md-8 mx-auto index-info">
      <h1 class="index-header">
        
        <a href="/archives/PWN%E5%85%A5%E9%97%A8%E5%88%B0%E6%94%BE%E5%BC%832-%E6%A0%BC%E5%BC%8F%E5%8C%96%E5%AD%97%E7%AC%A6%E4%B8%B2%E6%BC%8F%E6%B4%9E.html" target="_self">
          PWN入门到放弃2-格式化字符串漏洞
        </a>
      </h1>

      <p class="index-excerpt">
        <a href="/archives/PWN%E5%85%A5%E9%97%A8%E5%88%B0%E6%94%BE%E5%BC%832-%E6%A0%BC%E5%BC%8F%E5%8C%96%E5%AD%97%E7%AC%A6%E4%B8%B2%E6%BC%8F%E6%B4%9E.html" target="_self">
          
          
            
          
          0x00 printf函数printf函数的格式是printf(&quot;%s&quot;,(char*)str)之类的，就是有一个参数%d，%c，%x等等之类的
如果把格式写成printf((char*) str)，那么只要str里含有printf可以识别的格式字串，printf就会按这些格式字串执行操作
0x10 环境准备在Ubuntu20.04下使用gcc编译器，因为反编译效果不佳，推荐使用cla
        </a>
      </p>

      <div class="index-btm post-metas">
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-date"></i>
            <time datetime="2022-03-03 15:42" pubdate>
              2022-03-03
            </time>
          </div>
        
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-category"></i>
            
              <a href="/categories/Pwn%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/">Pwn基础知识</a>
            
          </div>
        
        
          <div class="post-meta">
            <i class="iconfont icon-tags"></i>
            
              <a href="/tags/Pwn/">Pwn</a>
            
          </div>
        
      </div>
    </article>
  </div>

  <div class="row mx-auto index-card">
    
    
      <div class="col-12 col-md-4 m-auto index-img">
        <a href="/archives/bugku%E7%BB%83%E9%A2%98%E8%AE%B0%E5%BD%951-signin&amp;Easy_Re.html" target="_self">
          <img src="https://gitee.com/Asteri5m/wd_img/raw/master/img/image-20211118141246370.png" srcset="/img/loading.gif" lazyload alt="bugku练题记录1-signin&amp;Easy_Re">
        </a>
      </div>
    
    <article class="col-12 col-md-8 mx-auto index-info">
      <h1 class="index-header">
        
        <a href="/archives/bugku%E7%BB%83%E9%A2%98%E8%AE%B0%E5%BD%951-signin&amp;Easy_Re.html" target="_self">
          bugku练题记录1-signin&amp;Easy_Re
        </a>
      </h1>

      <p class="index-excerpt">
        <a href="/archives/bugku%E7%BB%83%E9%A2%98%E8%AE%B0%E5%BD%951-signin&amp;Easy_Re.html" target="_self">
          
          
            
          
          0x00 signin一道安卓逆向题，这里推荐使用jadx-gui 这个工具，还不错。直接打开，找到main。这个需要一点经验或者基础，不然main在哪都找不到。

就这小小的一行就蕴含了这么多东西，这个代码质量我觉得挺高的。
首先是 str.equals(str1)，这是java的字符串比较的引用方法，如果str &#x3D;&#x3D; str1，就返回true。
str可以在下面看见，是输入
        </a>
      </p>

      <div class="index-btm post-metas">
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-date"></i>
            <time datetime="2021-11-18 14:36" pubdate>
              2021-11-18
            </time>
          </div>
        
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-category"></i>
            
              <a href="/categories/%E7%BB%83%E9%A2%98-%E5%AD%A6%E4%B9%A0%E8%AE%B0%E5%BD%95/">练题&amp;学习记录</a>
            
          </div>
        
        
          <div class="post-meta">
            <i class="iconfont icon-tags"></i>
            
              <a href="/tags/Reverse/">Reverse</a>
            
          </div>
        
      </div>
    </article>
  </div>

  <div class="row mx-auto index-card">
    
    
      <div class="col-12 col-md-4 m-auto index-img">
        <a href="/archives/Python%E5%AE%9E%E7%8E%B0%E5%88%86%E8%A7%A3GIF%E3%80%81%E8%A3%81%E5%89%AA%E3%80%81%E6%8B%BC%E5%9B%BE.html" target="_self">
          <img src="https://gitee.com/Asteri5m/wd_img/raw/master/img/image-20211116010612571.png" srcset="/img/loading.gif" lazyload alt="Python实现分解GIF、裁剪、拼图">
        </a>
      </div>
    
    <article class="col-12 col-md-8 mx-auto index-info">
      <h1 class="index-header">
        
        <a href="/archives/Python%E5%AE%9E%E7%8E%B0%E5%88%86%E8%A7%A3GIF%E3%80%81%E8%A3%81%E5%89%AA%E3%80%81%E6%8B%BC%E5%9B%BE.html" target="_self">
          Python实现分解GIF、裁剪、拼图
        </a>
      </h1>

      <p class="index-excerpt">
        <a href="/archives/Python%E5%AE%9E%E7%8E%B0%E5%88%86%E8%A7%A3GIF%E3%80%81%E8%A3%81%E5%89%AA%E3%80%81%E6%8B%BC%E5%9B%BE.html" target="_self">
          
          
            
          
          python处理GIF也是秋季校赛的题，我觉得这个题出的还算不错，结果出题自己的解法……惊艳到我了
0x00 题目原件
是一个动图，但是没有动图的图床，就展示静态图吧，就是在个框框内滚动，以达到展示完GIF的目的
我想着这题还挺有趣……结果出题人自己不会写exp，在Excel表格上画二维码……
0x01 分解GIF这里用到一个三方库pillow，这是在标准库PIL的基础上的拓展，更兼容，实用。
1
        </a>
      </p>

      <div class="index-btm post-metas">
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-date"></i>
            <time datetime="2021-11-16 01:09" pubdate>
              2021-11-16
            </time>
          </div>
        
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-category"></i>
            
              <a href="/categories/CTF%E8%B5%9B%E5%90%8E%E6%80%BB%E7%BB%93/">CTF赛后总结</a>
            
          </div>
        
        
          <div class="post-meta">
            <i class="iconfont icon-tags"></i>
            
              <a href="/tags/CTF/">CTF</a>
            
          </div>
        
      </div>
    </article>
  </div>

  <div class="row mx-auto index-card">
    
    
      <div class="col-12 col-md-4 m-auto index-img">
        <a href="/archives/2021CDUCTF11%E6%9C%88%E6%A0%A1%E8%B5%9B.html" target="_self">
          <img src="https://gitee.com/Asteri5m/wd_img/raw/master/img/image-20211115130828024.png" srcset="/img/loading.gif" lazyload alt="2021CDUCTF11月校赛">
        </a>
      </div>
    
    <article class="col-12 col-md-8 mx-auto index-info">
      <h1 class="index-header">
        
        <a href="/archives/2021CDUCTF11%E6%9C%88%E6%A0%A1%E8%B5%9B.html" target="_self">
          2021CDUCTF11月校赛
        </a>
      </h1>

      <p class="index-excerpt">
        <a href="/archives/2021CDUCTF11%E6%9C%88%E6%A0%A1%E8%B5%9B.html" target="_self">
          
          
            
          
          新生赛，担任出题人给新生们出点题玩玩，没想到惨不忍睹，只能可劲放hint，生怕他们解不出来。
0x00 Reverse所有我出的题，我尽量给出双解（IDA和OD），不是我出的就不要在我这里看了奥
0x01 LuckIDA先看main函数，game函数和flagshow函数

然后看game函数

在函数结尾的时候有一个设置随机数种子，很可疑，暂时记下。0x2918 &#x3D; 10520。再看f
        </a>
      </p>

      <div class="index-btm post-metas">
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-date"></i>
            <time datetime="2021-11-15 00:43" pubdate>
              2021-11-15
            </time>
          </div>
        
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-category"></i>
            
              <a href="/categories/CTF%E8%B5%9B%E5%90%8E%E6%80%BB%E7%BB%93/">CTF赛后总结</a>
            
          </div>
        
        
          <div class="post-meta">
            <i class="iconfont icon-tags"></i>
            
              <a href="/tags/CTF/">CTF</a>
            
              <a href="/tags/Reverse/">Reverse</a>
            
              <a href="/tags/Pwn/">Pwn</a>
            
          </div>
        
      </div>
    </article>
  </div>

  <div class="row mx-auto index-card">
    
    
    <article class="col-12 col-md-12 mx-auto index-info">
      <h1 class="index-header">
        
        <a href="/archives/Pwn%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA.html" target="_self">
          Pwn环境搭建
        </a>
      </h1>

      <p class="index-excerpt">
        <a href="/archives/Pwn%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA.html" target="_self">
          
          
            
          
          前言在13号有一个校内赛CTF，目前我们战队的情况是比较尴尬的，没有pwn手了，我这一届，底下一届连续两届都没有。只能寄希望于这届新生了。另一方面是Re确实不太好走，技术嘛，还是越走越宽才好。所以，弄一个pwn题的靶场环境是很有必要的。

0x00 靶场环境安装准备Linux的系统环境，这里我用的是Ubuntu（阿里云的服务器）

安装docker： sudo apt install docker
        </a>
      </p>

      <div class="index-btm post-metas">
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-date"></i>
            <time datetime="2021-11-11 01:28" pubdate>
              2021-11-11
            </time>
          </div>
        
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-category"></i>
            
              <a href="/categories/Pwn%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86/">Pwn基础知识</a>
            
          </div>
        
        
          <div class="post-meta">
            <i class="iconfont icon-tags"></i>
            
              <a href="/tags/Pwn/">Pwn</a>
            
          </div>
        
      </div>
    </article>
  </div>

  <div class="row mx-auto index-card">
    
    
      <div class="col-12 col-md-4 m-auto index-img">
        <a href="/archives/%E8%AE%B0%E4%B8%80%E6%AC%A1%E7%BD%91%E7%BB%9C(%E5%B1%80%E5%9F%9F%E7%BD%91)%E7%A8%8B%E5%BA%8F%E9%A1%B9%E7%9B%AE%E5%BC%80%E5%8F%912.html" target="_self">
          <img src="https://gitee.com/Asteri5m/wd_img/raw/master/img/image-20211029184625614.png" srcset="/img/loading.gif" lazyload alt="记一次网络(局域网)程序项目开发(二)">
        </a>
      </div>
    
    <article class="col-12 col-md-8 mx-auto index-info">
      <h1 class="index-header">
        
        <a href="/archives/%E8%AE%B0%E4%B8%80%E6%AC%A1%E7%BD%91%E7%BB%9C(%E5%B1%80%E5%9F%9F%E7%BD%91)%E7%A8%8B%E5%BA%8F%E9%A1%B9%E7%9B%AE%E5%BC%80%E5%8F%912.html" target="_self">
          记一次网络(局域网)程序项目开发(二)
        </a>
      </h1>

      <p class="index-excerpt">
        <a href="/archives/%E8%AE%B0%E4%B8%80%E6%AC%A1%E7%BD%91%E7%BB%9C(%E5%B1%80%E5%9F%9F%E7%BD%91)%E7%A8%8B%E5%BA%8F%E9%A1%B9%E7%9B%AE%E5%BC%80%E5%8F%912.html" target="_self">
          
          
            
          
          本期知识点
Socket通信原理
通信安全、网络安全
制定通信协议
登录、注册时的协议
游戏进程中的通信协议


通信内容的封装与解析
连接状态的检测与服务器保护机制

0x03 网络编程，Socket从底层出发在记录完基本基础开发过程之后，现在开始记录本次项目的核心内容：SOCKET。它在百度百科上是这样解释的：
所谓套接字(Socket)，就是对网络中不同主机上的应用进程之间进行双向通信的端点
        </a>
      </p>

      <div class="index-btm post-metas">
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-date"></i>
            <time datetime="2021-11-01 22:58" pubdate>
              2021-11-01
            </time>
          </div>
        
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-category"></i>
            
              <a href="/categories/%E9%9A%8F%E6%89%8B%E8%AE%B0%C2%B7%E4%B8%80%E4%BA%9B%E5%AE%89%E5%85%A8%E4%B9%8B%E5%A4%96%E7%9A%84%E6%8A%80%E6%9C%AF/">随手记·一些安全之外的技术</a>
            
          </div>
        
        
          <div class="post-meta">
            <i class="iconfont icon-tags"></i>
            
              <a href="/tags/Win32/">Win32</a>
            
              <a href="/tags/EasyX/">EasyX</a>
            
          </div>
        
      </div>
    </article>
  </div>

  <div class="row mx-auto index-card">
    
    
      <div class="col-12 col-md-4 m-auto index-img">
        <a href="/archives/Excel%E5%85%AC%E5%BC%8F%E8%AE%A1%E7%AE%97%E5%90%8E%E5%8F%AA%E4%BF%9D%E7%95%99%E7%BB%93%E6%9E%9C.html" target="_self">
          <img src="https://gitee.com/Asteri5m/wd_img/raw/master/img/image-20211031231007154.png" srcset="/img/loading.gif" lazyload alt="Excel公式计算后只保留结果">
        </a>
      </div>
    
    <article class="col-12 col-md-8 mx-auto index-info">
      <h1 class="index-header">
        
        <a href="/archives/Excel%E5%85%AC%E5%BC%8F%E8%AE%A1%E7%AE%97%E5%90%8E%E5%8F%AA%E4%BF%9D%E7%95%99%E7%BB%93%E6%9E%9C.html" target="_self">
          Excel公式计算后只保留结果
        </a>
      </h1>

      <p class="index-excerpt">
        <a href="/archives/Excel%E5%85%AC%E5%BC%8F%E8%AE%A1%E7%AE%97%E5%90%8E%E5%8F%AA%E4%BF%9D%E7%95%99%E7%BB%93%E6%9E%9C.html" target="_self">
          
          
            
          
          问题描述涵女士总是有一些憨憨的要求还自己不会处理的。这次的要求是这样的，她用公式算出来的数据，现在不需要原来的数据了，只保留结果数据。
她的操作是这样的：直接删除原来的数据，然后结果就……

就显示错误了哈哈哈哈哈哈，笑死我了，哈哈哈哈哈
解决办法接下来，展示 正确操作 ：

首先，复制结果；
然后，右键鼠标；
选择  “选择性粘贴”；
选择数值，点击确定，即可完成。




完成后，对格式进行处
        </a>
      </p>

      <div class="index-btm post-metas">
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-date"></i>
            <time datetime="2021-10-31 23:11" pubdate>
              2021-10-31
            </time>
          </div>
        
        
          <div class="post-meta mr-3">
            <i class="iconfont icon-category"></i>
            
              <a href="/categories/%E5%A5%87%E6%80%AA%E7%9A%84%E7%9F%A5%E8%AF%86%E5%A2%9E%E5%8A%A0%E4%BA%86/">奇怪的知识增加了</a>
            
          </div>
        
        
      </div>
    </article>
  </div>



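  <!-- Pagination for the post index. The "next" link contains only an icon, so it carries an explicit accessible name. -->
  <nav aria-label="Pagination">
    <span class="pagination" id="pagination">
      <span class="page-number current" aria-current="page">1</span><a class="page-number" href="/page/2/#board">2</a><a class="extend next" rel="next" href="/page/2/#board" aria-label="Next page"><i class="iconfont icon-arrowright" aria-hidden="true"></i></a>
    </span>
  </nav>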



              </div>
            </div>
          </div>
        </div>
      </div>
    

    
      <!-- Back-to-top control: the link carries the accessible name, the arrow icon is hidden from assistive technology. -->
      <a id="scroll-top-button" href="#" role="button" aria-label="TOP"><i class="iconfont icon-arrowup" aria-hidden="true"></i></a>
    

    
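      <!--
        Local search dialog, opened by the #search-btn link (data-target="#modalSearch").
        The dialog is named through aria-labelledby, so the title element must carry the referenced id.
        Matches are listed in #local-search-result.
      -->
      <div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
           aria-hidden="true">
        <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
          <div class="modal-content">
            <div class="modal-header text-center">
              <h4 class="modal-title w-100 font-weight-bold" id="ModalLabel">搜索</h4>
              <button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
                <span aria-hidden="true">&times;</span>
              </button>
            </div>
            <div class="modal-body mx-3">
              <div class="md-form mb-5">
                <input type="text" id="local-search-input" class="form-control validate">
                <label data-error="x" data-success="v"
                       for="local-search-input">关键词</label>
              </div>
              <div class="list-group" id="local-search-result"></div>
            </div>
          </div>
        </div>
      </div>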
    

    
      <!-- Fixed music player. The meting-js element is presumably defined by the Meting script loaded at the end of the page and rendered through APlayer (confirm). -->
      <div class="col-lg-7 mx-auto nopadding-x-md">
        <div class="container custom mx-auto">
          <meting-js id="5413938648" server="netease" type="playlist" fixed="true" theme="#aa55ff"></meting-js>
        </div>
      </div>
    
  </main>

  <!-- Site footer: framework and theme credits, running-time placeholders, LeanCloud visit counters, ICP registration links. -->
  <footer class="text-center mt-5 py-3">
    <div class="footer-content">
      <a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>使用Hexo框架</span></a>
      <i class="iconfont icon-love"></i>
      <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener"><span>精品Fluid主题</span></a><br>
      <span id="timeDate">天数载入中</span><span id="times">...</span><br>
    </div>

    <!-- Both counters start hidden (display: none); presumably a script reveals them once the numbers are loaded. -->
    <div class="statistics">
      <!-- LeanCloud page-view (PV) counter -->
      <span id="leancloud-site-pv-container" style="display: none">
        总访问量
        <span id="leancloud-site-pv"></span>
        次
      </span>

      <!-- LeanCloud unique-visitor (UV) counter -->
      <span id="leancloud-site-uv-container" style="display: none">
        总访客数
        <span id="leancloud-site-uv"></span>
        人
      </span>
    </div>

    <!-- ICP filing and public-security registration. Both outbound links use plain http and open in a new tab with rel="nofollow noopener". -->
    <div class="beian">
      <span>
        <a href="http://beian.miit.gov.cn/" target="_blank" rel="nofollow noopener">蜀ICP备2021029058号</a>
      </span>
      <span>
        <a class="beian-police"
           href="http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=51011202000479"
           target="_blank"
           rel="nofollow noopener">
          <span style="visibility: hidden; width: 0">|</span>
          <img src="/img/beian.png" srcset="/img/loading.gif" lazyload alt="police-icon">
          <span>川公网安备 51011202000479号</span>
        </a>
      </span>
    </div>
  </footer>


  <!-- SCRIPTS -->
  
  <!--
    Page-load progress bar (NProgress): started immediately, finished on the window load event.
    Both files come from jsDelivr under a floating @0 tag and carry no integrity attribute,
    so the content served can change without this page changing.
  -->
  <script src="https://cdn.jsdelivr.net/npm/nprogress@0/nprogress.min.js"></script>
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/nprogress@0/nprogress.min.css">

  <script>
    NProgress.configure({ "showSpinner": false, "trickleSpeed": 100 });
    NProgress.start();
    window.addEventListener('load', function onPageLoaded() {
      NProgress.done();
    });
  </script>


<!--
  Core libraries, then the theme's own scripts; the order is significant.
  jQuery and Bootstrap are loaded from jsDelivr under floating major-version tags (@3, @4)
  without an integrity attribute; pinning exact versions is the precondition for adding one.
-->
<script src="https://cdn.jsdelivr.net/npm/jquery@3/dist/jquery.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4/dist/js/bootstrap.min.js"></script>
<script src="/js/events.js"></script>
<script src="/js/plugins.js"></script>

<!-- Plugins -->
<script src="/js/local-search.js"></script>
<script src="/js/img-lazyload.js"></script>

<!-- Deferred: runs after the document has been parsed -->
<script src="/js/leancloud.js" defer></script>



  <!-- typed.js is loaded from jsDelivr under a floating @2 tag, without an integrity attribute. -->
  <script src="https://cdn.jsdelivr.net/npm/typed.js@2/lib/typed.min.js"></script>
  <script>
    // Hand the banner subtitle (stored in the title attribute of #subtitle) to the theme's typing plugin.
    (function (window, document) {
      var startTyping = Fluid.plugins.typing;
      var subtitleText = document.getElementById('subtitle').title;

      startTyping(subtitleText);
    })(window, document);
  </script>












  

  

  

  

  

  




  
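<!--
  Music player libraries and site customisations.
  The CDN URLs use explicit https instead of protocol-relative form, so the scripts are
  never fetched in clear text when the page itself is served over http.
  Both packages are pinned to exact versions (aplayer 1.10.0, meting 2.0.1), so
  integrity and crossorigin attributes can be added once hashes are computed from vetted copies.
-->
<script src="https://cdn.jsdelivr.net/npm/aplayer@1.10.0/dist/APlayer.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/meting@2.0.1/dist/Meting.min.js"></script>
<script src="/xm_custom/custom.js"></script>

<!-- Theme boot script; keep at the very bottom -->
<script src="/js/boot.js"></script>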


</body>
</html>
